package com.web.oa.shiro;


import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

//重写默认的表单认证过滤器，处理认证成功后的跳转问题
public class FormAuthenticationFilter2 extends FormAuthenticationFilter {
    @Override
    protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {
        WebUtils.getAndClearSavedRequest(request);
        WebUtils.redirectToSavedRequest(request, response, "/main");
        return true;
    }

	@Override
	protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
		HttpServletRequest req = (HttpServletRequest) request;
		String validateCode = req.getParameter("checkCode");
        HttpSession session = req.getSession();
        String randNum = (String) session.getAttribute("right");

		if (validateCode != null && randNum != null && !validateCode.equalsIgnoreCase(randNum)) {
			request.setAttribute(FormAuthenticationFilter.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME, "errorCheckCode");
			return true;
		}
		return super.onAccessDenied(request, response);
	}
}
